Re: Is it possible to do some damage to database with SELECT query?

From: A. Kretschmer
Subject: Re: Is it possible to do some damage to database with SELECT query?
Date:
Msg-id: 20080722102046.GC2742@a-kretschmer.de
In response to: Is it possible to do some damage to database with SELECT query?  ("Teemu Juntunen" <teemu.juntunen@e-ngine.fi>)
Responses: Re: Is it possible to do some damage to database with SELECT query?  (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
List: pgsql-general
On Tue, 22.07.2008, at 12:50:31 +0300, Teemu Juntunen wrote the following:
> Hi,

First, don't hijack other threads!


>
> is it possible to make a SELECT query with some nasty follow-up commands,
> which damage the database?
>
> Something like:
>
> SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales >
> (UPDATE order SET order=1);
>
> I know this won't work, but is there some possibility to modify the database
> with a SELECT query?

Sure, with SQL injection. There is a lot to read via Google, for
instance http://en.wikipedia.org/wiki/SQL_injection


HTH, Andreas
--
Andreas Kretschmer
Contact:  Heynitz: 035242/47150,   D1: 0160/7141639 (more: -> header)
GnuPG-ID:   0x3FFF606C, private 0x7F4584DA   http://wwwkeys.de.pgp.net
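
The injection path the reply refers to, as an added example that is not part of the original message: a SELECT assembled by string concatenation next to the same lookup with a bound parameter, plus a read-only connection as a second layer. SQLite (Python's `sqlite3`) is used here as a runnable stand-in for PostgreSQL; the table contents, function names and the hostile input are constructed for illustration.

```python
import sqlite3

HOSTILE = "x'; DELETE FROM sales; --"   # constructed input, not from the thread

def make_db():
    """Constructed in-memory stand-in for the thread's `sales` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales (id INTEGER PRIMARY KEY, customer TEXT, amount INTEGER)")
    db.executemany("INSERT INTO sales (customer, amount) VALUES (?, ?)",
                   [("acme", 100), ("globex", 250), ("initech", 75)])
    db.commit()
    return db

def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM sales").fetchone()[0]

def lookup_concatenated(db, customer):
    """Vulnerable: the input becomes part of the SQL text, and the text goes
    through an API that accepts several ';'-separated statements."""
    db.executescript("SELECT id, amount FROM sales WHERE customer = '" + customer + "';")

def lookup_parameterized(db, customer):
    """Hardened: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT id, amount FROM sales WHERE customer = ?",
                      (customer,)).fetchall()

def demo():
    out = {}
    db = make_db()
    lookup_concatenated(db, HOSTILE)               # the appended DELETE runs
    out["rows_after_concatenated"] = count_rows(db)

    db = make_db()
    out["parameterized_hits"] = lookup_parameterized(db, HOSTILE)
    out["rows_after_parameterized"] = count_rows(db)

    db = make_db()
    db.execute("PRAGMA query_only = ON")           # stand-in for a SELECT-only role
    try:
        lookup_concatenated(db, HOSTILE)
        out["read_only_blocked"] = False
    except sqlite3.Error:
        out["read_only_blocked"] = True            # write rejected by the engine
    out["rows_after_read_only"] = count_rows(db)
    return out

if __name__ == "__main__":
    print(demo())
```

In PostgreSQL the corresponding measures are bound query parameters in the client driver and an application role that has been granted only SELECT on the tables it reads.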
